invalid signature class in GnuPG on BC generated certificate

invalid signature class in GnuPG on BC generated certificate

Lou Wynn

Hi,

I'm having a problem in generating and verifying certificate signatures. I use the following code snippet to sign a public key:

    PGPSignatureGenerator sigGen = new PGPSignatureGenerator(
            ((JcaPGPContentSignerBuilder)signerBuilder).setProvider("BC"));
    sigGen.init(PGPSignature.POSITIVE_CERTIFICATION, signKey.getPrivateKey());
    PGPSignatureSubpacketGenerator subpGen = new PGPSignatureSubpacketGenerator();
    subpGen.setSignatureCreationTime(true, new Date());
    subpGen.setSignatureExpirationTime(true, certExpiry);   // seconds after creation
    //subpGen.setSignerUserID(true, signerId);
    PGPSignatureSubpacketVector hashedPacks = subpGen.generate();
    sigGen.setHashedSubpackets(hashedPacks);
    // 0x13 positive certification over the target key and the user id "id"
    PGPSignature cert = sigGen.generateCertification(id, pub);
    // two-argument overload: BC files the signature as a direct key signature,
    // not under the user id packet
    pub = PGPPublicKey.addCertification(pub, cert);
    sec = PGPSecretKey.replacePublicKey(sec, pub);
    secRing = PGPSecretKeyRing.insertSecretKey(secRing, sec);
    pubRing = PGPPublicKeyRing.insertPublicKey(pubRing, pub);

and this code to verify it:

    if (sigType == PGPSignature.POSITIVE_CERTIFICATION) {
        // verify the certification against the signer's public key
        sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), signPub);

        String userid = (String)pub.getUserIDs().next();
        if (sig.verifyCertification(userid, pub)) {
            out.println("    Verified certification for userid: " + userid);
        }
        else {...}
    }

In my BC program, the key signing and verification seem to work well.

However, when I exported the generated key rings and imported them into PGP2, the --check-sigs command in pgp2 reports the following error:

pub   rsa1024/05DA55AD 2017-06-23 [SC] [expires: 2027-06-21]
      Key fingerprint = 849B 4A9E A5AA 9C7A 11AF  69B8 ADE8 F24C 05DA 55AD
sig%3        BAF061AD 2017-06-23  [Invalid signature class]
uid         [ unknown] Ops key

Can anyone help explain what goes wrong and how to fix it? I've attached the two rings. The passphrase for both is 1 (number one).

-- 
Thanks,
Lou

Attachments: opsSecRing.sec (2K), rootSecRing.sec (966 bytes)
Re: invalid signature class in GnuPG on BC generated certificate

Lou Wynn

After experimenting more with the code, I've finally fixed the issue. I should have used the PGPPublicKey.addCertification that has three parameters, with the userID in the middle, for a positive certification.


Thanks,
Lou
On 06/22/2017 10:15 PM, Lou Wynn wrote:
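The following is an added example, not code from this thread or from the Bouncy Castle project, that demonstrates the fix Lou describes and goes one step further: it builds the same 0x13 positive certification, attaches it once with the two-argument `PGPPublicKey.addCertification` overload and once with the three-argument overload, and then checks where each copy ends up. The key pairs, the user id string "Ops key" and the ten-year expiry are constructed for the demo; the class and method names (`UserIdCertificationDemo`, `certifyUserId`, `countVerifiedCertifications`, `countKeySignatures`) are mine, and the code assumes the BC provider and bcpg jars are on the classpath.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Date;
import java.util.Iterator;

import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;

// Added example (not from the thread or from Bouncy Castle): certify a user id with a
// 0x13 positive certification and see where each addCertification overload files it.
public class UserIdCertificationDemo {

    // Fresh RSA key pair wrapped as an OpenPGP key pair; it carries no user ids yet.
    static PGPKeyPair newRsaKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048, new SecureRandom());
        KeyPair kp = kpg.generateKeyPair();
        return new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, kp, new Date());
    }

    // Positive certification (0x13) by 'signer' over (targetPub, userId), expiring after expirySeconds.
    static PGPSignature certifyUserId(PGPKeyPair signer, PGPPublicKey targetPub,
                                      String userId, long expirySeconds) throws Exception {
        PGPSignatureGenerator sigGen = new PGPSignatureGenerator(
                new JcaPGPContentSignerBuilder(signer.getPublicKey().getAlgorithm(),
                        HashAlgorithmTags.SHA256).setProvider("BC"));
        sigGen.init(PGPSignature.POSITIVE_CERTIFICATION, signer.getPrivateKey());
        PGPSignatureSubpacketGenerator subpGen = new PGPSignatureSubpacketGenerator();
        subpGen.setSignatureCreationTime(true, new Date());
        subpGen.setSignatureExpirationTime(true, expirySeconds); // seconds after creation
        subpGen.setIssuerKeyID(false, signer.getKeyID());
        sigGen.setHashedSubpackets(subpGen.generate());
        return sigGen.generateCertification(userId, targetPub);
    }

    // Count the 0x13 certifications bound to userId on pub that verify under signerPub.
    // Signatures filed elsewhere on the key (direct key signatures) are never visited,
    // which mirrors what a verifier walking the user id packet sees.
    static int countVerifiedCertifications(PGPPublicKey pub, String userId,
                                           PGPPublicKey signerPub) throws PGPException {
        Iterator<PGPSignature> sigs = pub.getSignaturesForID(userId);
        if (sigs == null) {
            return 0; // BC returns null when the key carries no such user id
        }
        int verified = 0;
        while (sigs.hasNext()) {
            PGPSignature sig = sigs.next();
            if (sig.getSignatureType() != PGPSignature.POSITIVE_CERTIFICATION
                    || sig.getKeyID() != signerPub.getKeyID()) {
                continue;
            }
            sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), signerPub);
            if (sig.verifyCertification(userId, pub)) {
                verified++;
            }
        }
        return verified;
    }

    // Number of signatures stored directly on the key packet (not under any user id).
    static int countKeySignatures(PGPPublicKey pub) {
        int n = 0;
        for (Iterator<PGPSignature> it = pub.getKeySignatures(); it.hasNext(); it.next()) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        PGPKeyPair root = newRsaKeyPair();   // certifying key (constructed for the demo)
        PGPKeyPair ops = newRsaKeyPair();    // key whose user id gets certified (constructed)
        String userId = "Ops key";
        long tenYears = 10L * 365 * 24 * 60 * 60;

        PGPSignature cert = certifyUserId(root, ops.getPublicKey(), userId, tenYears);

        // Two-argument overload: the signature lands among the key's direct key signatures.
        PGPPublicKey asKeySig = PGPPublicKey.addCertification(ops.getPublicKey(), cert);
        // Three-argument overload: the signature is bound to the user id packet.
        PGPPublicKey asUidSig = PGPPublicKey.addCertification(ops.getPublicKey(), userId, cert);

        System.out.println("2-arg form: key signatures=" + countKeySignatures(asKeySig)
                + ", verified certs on '" + userId + "'="
                + countVerifiedCertifications(asKeySig, userId, root.getPublicKey()));
        System.out.println("3-arg form: key signatures=" + countKeySignatures(asUidSig)
                + ", verified certs on '" + userId + "'="
                + countVerifiedCertifications(asUidSig, userId, root.getPublicKey()));
    }
}
```

The two-argument overload is meant for signatures that belong to the key itself (direct key signatures and revocations); when a 0x13 certification is stored there, BC writes it right after the key packet on export, which is the position GnuPG rejects with "Invalid signature class". The three-argument overload adds the user id to the key if it is not present and stores the certification under it, so `getSignaturesForID` and an external verifier both find it.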